PT-2026-8021 · Google · Google Chrome
Shaheen Fazim · Published 2026-01-01 · Updated 2026-04-01 · CVE-2026-2441
CVSS v2.0: 10 (High) | AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 145.0.7632.75/76 and 144.0.7559.75 (Linux)
Description
Google Chrome has a high-severity use-after-free vulnerability (CVE-2026-2441) in the CSS engine that is actively exploited in the wild. This flaw allows attackers to execute arbitrary code inside the browser sandbox via a crafted HTML page. The vulnerability is related to CSS font feature values processing and can be triggered by visiting a malicious webpage. A public proof-of-concept (PoC) exploit is available. The vulnerability affects all Chromium-based browsers.
Recommendations
Update Google Chrome to version 145.0.7632.75 or later on Windows and macOS, or to version 144.0.7559.75 or later on Linux. Restart the browser after applying the update.
Exploit · Fix · RCE · Use After Free
Affected Products
Google Chrome